Catálogo de publicaciones - libros

We introduce a scheme for anonymous user exclusion in an encrypted broadcast communication. It allows a broadcaster to change the transmission key with a single message broadcasted to N users so that all but z excluded users can retrieve the new key, and volume of the message is $O{\mathcal ({\it z})}$ . Our scheme is based on Shamir’s secret sharing method based on polynomials with dynamic coefficients and shares that evolve in time. No explicit ID’s and pseudonyms are used.

Probabilistic Packet Marking algorithm, one promising solution to the IP traceback problem, uses one fixed marking space to store router information. Since this fixed space is not sufficient for storing all routers information, each router writes its information into packets chosen with probability p , so-called probabilistic marking. Probabilistic marking seems to be helpful in lowering router overhead, however, it also bring computation overhead for the victim to reconstruct the attack paths and large number of false positives. In this paper, we present a new approach for IP traceback, Deterministic Packet Marking Scheme with Link Signatures, which needs routers mark all packets during forwarding (so-called deterministic marking). We make a study of how much both the probabilistic and our deterministic packet marking schemes affect router overhead through simulations. The results confirm that our deterministic marking scheme will slightly lower router overhead, and besides, it has superior performance than another improved probabilistic packet marking method, Advanced Marking Schemes. Further performance analysis and simulation results are given to show that our technique is superior in precision to previous work—it has almost zero false positive rate. It also has lower computation overhead for victim and needs just a few packets to trace back attacks and to reconstruct the attack paths even under large scale distributed denial-of-service attacks. In addition, our scheme is simple to implement and support incremental deployment.

The Intrusion detection system deals with huge amount of data which contains irrelevant and redundant features causing slow training and testing process, higher resource consumption as well as poor detection rate. Feature selection, therefore, is an important issue in intrusion detection. In this paper we introduce concepts and algorithms of feature selection, survey existing feature selection algorithms in intrusion detection systems, group and compare different algorithms in three broad categories: filter, wrapper, and hybrid. We conclude the survey by identifying trends and challenges of feature selection research and development in intrusion detection system.

The large-scale network environment incarnates interconnection of different security domains. There are different security policies in the domain or among the domains, and conflicts can arise in the set of policies which lack of trust and consultation. A network security policy model is proposed in this paper. By defining and describing security policy and domain, the policies’ integrity, validity, consistency, conflicts detecting, resolving and releasing are studied. The policy implementation mechanism is based on rule engine. This paper gives the achieve steps and efficiency analysis. The technology can be adapted to establishing and controlling the policy service in the extensive network environment.

The security vulnerabilities in a network environment and their corresponding countermeasures have become more critical issues than ever. Although many researchers and vendors have introduced powerful mechanisms such as Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) for network security, the packet-based decision is not always correct, especially when those systems are involved in network traffics across multiple organizations under different security policies. In fact, some legitimate (normal) network traffics produce a similar pattern to that of malicious traffics such as Distributed Denial of Service (DDoS), and vice versa. We call those traffics suspicious. Suspicious traffic cannot be clearly designated as malicious or normal traffic. Since traditional IDS or IPS approaches make a simple binary decision (i.e., allow or reject) based on pre-defined rules, there is a high possibility that suspicious/legitimate packets are rejected or suspicious/malicious packets are allowed. To enhance the quality of service in a network environment, we propose in this paper a Packet Marking-Based Cooperative Attack Response Service (pm-CARS) that is able to effectively deal with suspicious network traffic. pm-CARS nodes cooperate with each other by using packet-marking. These pm-CARS nodes mark suspicious packets instead of dropping them. All the marked packets are forwarded to the next node using a low priority of service designation, which indicates the drop probability is very high. Our pm-CARS includes two schemes: abnormal IP address detection and abnormal excess traffic detection schemes. Our pm-CARS can reduce the false-positive rate and can protect the quality of service for innocent traffic from attacks. Finally, we simulate our ideas in a network environment and discuss the evaluation results.

Formal method provides a way to achieve an exact and consistent definition of security for a given scenario. This paper presents a formal state-based verifiable RBAC model described with Z language, in which the state-transition functions are specified formally. Based on the separation of duty policy, the constraint rules and security theorems are constructed. Using a case study, we show how to specify and verify the consistency of formal RBAC system with theorem proving. By specifying RBAC model formally, it provides a precise description for the system security requirements. The internal consistency of this model can be validated by verification of the model.

The importance of security-enhancing mechanisms at the kernel level, such as an access control, has been increasingly emphasized as the weaknesses and limitation of mechanisms at the user level have been revealed. Among many access controls available, role based access control (RBAC) is mandatory and supports the separation of duty when compared to discretionary access control (DAC). With these advantages, RBAC has been widely implemented at various levels of computing environments, such as the operating system and database management system levels. However, the overheads for supporting all of the RBAC features and flexibility are significant. We designed a fast, simple, and mandatory access control model with some RBAC and DAC characteristics, then implemented a prototype and measured its overheads.

Much secure system policy development uses the DTE (Domain and Type Enforcement) model, but the DTE model cannot explicitly provide the security goals of the policy. The invariants of the only based-DTE integrity protection formal model are too complex and make the model impractical. A DTE-Biba integrity formal model is proposed, in which DTE is the underlying component and the Biba integrity is the security goal. The DTE-Biba formal model describes direct Biba control relationships, and ignores the integrity level of objects. The aim is to provide the foundation for supporting effective policy configuration, policy integrity analysis and integrity verification of the DTE secure systems.

Buffer overflow(BOF) has been the most common form of vulnerability in software systems today, and many methods exist to defend software systems against BOF attacks. Among them, the instruction set randomization scheme, which makes attacker not to know the specific instruction set of the target machine, is the most promising defense scheme because it defends all typical code-injection BOF attacks. However, this defense scheme can not cover data-injection BOF attacks like return-into-libc attacks. In order to defend against the data-injection BOF attacks as well as the code-injection BOF attacks, we propose an enhanced defense scheme randomizing not only the instruction sets but also the return addresses. Implementation results show that the proposed scheme can defend software systems against data-injection BOF attacks as well as code-injection BOF attacks without significant extra overheads.

Recently, a statistical filtering based on Bayes theory, so-called Bayesian filtering gain attention when it was described in the paper “A Plan for Spam” by Paul Graham, and has become a popular mechanism to distinguish spam email from legitimate email. Many modern mail programs make use of Bayesian spam filtering techniques. The implementation of the Bayesian filtering corresponding to the email written in English and Japanese has already been developed. On the other hand, few work is conducted on the implementation of the Bayesian spam corresponding to Chinese email. In this paper, firstly, we adopted a statistical filtering called as bsfilter and modified it to filter out Chinese email. When we targeted Chinese emails for experiment, we analyzed the relation between the parameter and the spam judgement accuracy of the filtering, and also considered the optimal parameter values.